REQUIRE URGENT INCIDENT RESPONSE?
How can Secrutiny help?
A two-phased approach is used to broadly examine the network as a whole to identify a much smaller set of ‘hosts of interest’ that are analysed more deeply in the second phase.
The first phase consists of the collection of information from across the entire estate, which is baselined and analysed for usage patterns, statistical anomalies, user behaviour, and vulnerabilities to determine the scope of the incident and identify ‘hosts of interest’.
The ‘hosts of interest’ are examined in greater detail to determine misuse and the risk this threat poses to the organisation.
Step 1: Identify the ‘host of interests’ use and the criticality to the business.
Step 2: Utilise a forensically sound collection tool to gather relevant artefacts.
Step 3: Analyse the collected artefacts to create “the story behind the compromise and its activity”.
Once the analysis has been completed, the results are presented back to the customer in the form of a report for review with the associated evidence and recommended remedial actions.
WANT TO KNOW MORE?
Fill in the form below to learn more about Secrutiny’s Incident Response Services.